Report - ww12.keepvid.works

Report Overview

Visited public
2023-09-22 05:05:49
Tags
URL
ww12.keepvid.works
Finishing URL
ww12.keepvid.works/
IP / ASN
193.218.118.205
#207656 Epinatura LLC
Title
Keepvid: Online Video downloader. Download Youtube videos.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-09-21 05:48:25	421 B	11 kB	142.250.74.42
cultergoy.com	204237	2021-10-04	2021-10-07 14:43:43	2023-09-07 00:04:44	429 B	1.5 kB	23.109.248.179
coreevolutionadulatory.com	unknown	2023-08-12	2023-08-12 04:36:59	2023-09-20 08:03:50	466 B	18 kB	192.243.59.20
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-09-21 07:47:14	431 B	747 B	139.45.195.8
inpage-push.com	40496	2020-08-28	2020-11-23 21:48:16	2023-09-13 20:34:16	2.5 kB	94 kB	139.45.197.239
offerimage.com	304078	2019-06-10	2019-06-10 13:11:53	2023-09-21 07:32:01	902 B	23 kB	104.22.32.172
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-09-21 06:15:08	3.3 kB	961 kB	142.250.74.35
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21 01:06:24	2023-09-21 05:17:05	340 B	942 B	54.230.80.227
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-09-21 09:08:08	442 B	425 B	52.58.179.111
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-09-21 07:33:13	401 B	26 kB	104.21.6.68
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-09-21 07:52:14	330 B	963 B	104.18.14.101
octavianimmaculate.com	unknown	2023-07-21	2023-08-06 06:45:05	2023-09-22 03:52:03	492 B	467 B	192.243.59.12
addresseepaper.com	18169	2021-11-01	2021-11-01 22:11:31	2023-09-21 09:08:08	406 B	0 B	0.0.0.0
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-21 07:35:08	3.2 kB	98 kB	216.58.207.227
writhehawm.com	unknown	2022-12-02	2022-12-02 11:43:17	2023-09-18 12:12:21	421 B	1.1 kB	142.91.159.92
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-21 05:09:09	2.0 kB	4.2 kB	216.58.207.195
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-09-21 07:27:40	436 B	35 kB	142.250.74.42
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-09-20 20:54:08	535 B	486 B	139.45.195.254
www.google.com	7	1997-09-15	2015-05-10 13:11:19	2023-09-20 20:05:47	3.2 kB	62 kB	142.250.74.132
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-09-21 10:56:39	418 B	837 B	104.21.68.155
ww12.keepvid.works	unknown	2018-04-06	2023-09-19 16:53:32	2023-09-20 14:08:56	5.4 kB	124 kB	193.218.118.205
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2023-09-21 07:30:26	1.5 kB	78 kB	104.18.10.207

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-22	medium	cultergoy.com	Sinkholed
2023-09-22	medium	fleraprt.com	Sinkholed
2023-09-22	medium	coreevolutionadulatory.com	Sinkholed
2023-09-21	medium	banquetunarmedgrater.com	Sinkholed
2023-09-22	medium	octavianimmaculate.com	Sinkholed
2023-09-21	medium	addresseepaper.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	From	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js	ScriptElement	97 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js IP 142.250.74.42 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 14:41 Times Seen29044 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	www.google.com/recaptcha/api.js?render=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&_=1695359131525	ScriptElement	884 B	2023-09-22	2023-09-22
Pretty URL www.google.com/recaptcha/api.js?render=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&_=1695359131525 IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:05 Last Seen2023-09-22 07:05 Times Seen1 Hash 7bc488c273454bf81e30eb39a947ba8e 3cc6eb0716298f960cd13a23e77a5872ea0d193f 3d7f74eadb69405494c3b22ad06f07a036b37a22650d9888eda2fb8dc62d081f Loading...

	www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js	ScriptElement	464 kB	2023-09-14	2024-08-21
Pretty URL www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js IP 142.250.74.35 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-14 01:26 Last Seen2024-08-21 06:55 Times Seen3938 Hash e2fe3524ee9bc3801e88f30301fde700 ecdb5bdcebbbaad69868ea78033be35ac9b20a58 a36746585bd5af117aff1cfeec39c2a810d6d9c601ca083d132786abf09d01b1 Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 104.21.6.68 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s	ScriptElement	69 B	2023-03-07	2025-05-11
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 14:58 Times Seen116407 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	ww12.keepvid.works/keepvid.js?v20011023	ScriptElement	6.3 kB	2023-09-22	2023-10-09
Pretty URL ww12.keepvid.works/keepvid.js?v20011023 IP 193.218.118.205 ASN #207656 Epinatura LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:05 Last Seen2023-10-09 06:56 Times Seen2 Hash 8e58d171edd1795148cac2ed5c8984f9 c2f80f0c28d1a0a9995e3897c5c333df6005f35f 561c4b9f7e305915ea0731f36d9dea28d823317c450e0fab3beb9ff2552e8c0f Loading...

	ww12.keepvid.works/	ScriptElement	18 B	2023-07-15	2024-10-11
Pretty URL ww12.keepvid.works/ IP 193.218.118.205 ASN #207656 Epinatura LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-15 15:19 Last Seen2024-10-11 08:49 Times Seen5 Hash 9df043db11a1c6d8a832182cb912682e 1494af0f8c065e66c09c534bb45190134bbf5919 7f70f4f1a33d5094452e4cbac134dc485a2aea86b8a29a2156d7df38a1a60d56 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s	ScriptElement	44 kB	2024-08-21	2024-08-21
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 06:07 Last Seen2024-08-21 06:07 Times Seen1 Hash a602ce073e1d9d9a250494b6eed91140 fb0b033d4d9af06c01474ea813f96dcab5ec761a d1754dd5949855d678c8aa9dcc65f29d0bc54df03be3d8ac525acab0a844cb30 Loading...

	banquetunarmedgrater.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-05-11
Pretty URL banquetunarmedgrater.com/advertisers.js IP 104.21.68.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-11 15:02 Times Seen4655307 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	writhehawm.com/1clkn/65077?_=1695359131527	ScriptElement	6 B	2023-03-07	2025-05-11
Pretty URL writhehawm.com/1clkn/65077?_=1695359131527 IP 142.91.159.92 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-11 13:48 Times Seen12585 Hash 9082dc37e5e8046929da411544ad071a 41e0e3963ed94e59e8a2f115994c382712411537 b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550 Loading...

	ww12.keepvid.works/jquery-ui.min.js	ScriptElement	32 kB	2023-03-07	2024-12-25
Pretty URL ww12.keepvid.works/jquery-ui.min.js IP 193.218.118.205 ASN #207656 Epinatura LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:07 Last Seen2024-12-25 21:01 Times Seen9 Hash 288ec85a6bf5b67aa5b514e38e36939a 973d2f903b05f14c574a8443b8fbf226ef494d2e ebd9b012f2a01a5a059c5d435303366fb11c383fb3b07b045e5547c8978f6e4e Loading...

	inpage-push.com/400/4378921?_=1695359131523	ScriptElement	91 kB	2023-09-22	2023-09-22
Pretty URL inpage-push.com/400/4378921?_=1695359131523 IP 139.45.197.239 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:05 Last Seen2023-09-22 07:05 Times Seen1 Hash c380c481e3eff2bcf2872c9fff8a3035 8f5e0a221b9f895db5614d869affa328a6207f24 684d69862a7885226ba1e9eb8ed460b94b346cc9a694c963e3ba70099cc6d260 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js	ScriptElement	37 kB	2023-03-07	2025-05-11
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 14:57 Times Seen27576 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	ww12.keepvid.works/socialsharekit/js/social-share-kit.min.js	ScriptElement	6.4 kB	2023-03-07	2024-10-11
Pretty URL ww12.keepvid.works/socialsharekit/js/social-share-kit.min.js IP 193.218.118.205 ASN #207656 Epinatura LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:16 Last Seen2024-10-11 08:49 Times Seen9 Hash 3f1d24bfc2eca31517fef7536b0877d5 8ee6799aba7a49be8a639e5f2d3d483d8cdb9fe5 c5e0dfe7c67c57b81ccbe43199f96b6fb5c63a216b6bb4a8ca9de8d32d24a174 Loading...

	ww12.keepvid.works/	ScriptElement	340 B	2024-08-21	2024-08-21
Pretty URL ww12.keepvid.works/ IP 193.218.118.205 ASN #207656 Epinatura LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 06:07 Last Seen2024-08-21 06:07 Times Seen1 Hash 1acbca7784a5a645ddf6007572ca12bc c08f2b7d675415edf812b67cc776f5c7549aae2f 455480e29450a6b1e5daf4b77d5e2b83717d11ba926fb95765905f18be285476 Loading...

	cultergoy.com/gkIGMdszupsFyd/32220?_=1695359131524	ScriptElement	6 B	2023-03-07	2025-05-11
Pretty URL cultergoy.com/gkIGMdszupsFyd/32220?_=1695359131524 IP 23.109.248.179 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:31 Last Seen2025-05-11 13:51 Times Seen8116 Hash 4fc71bf68a1d477bd1523733e34d1e90 15119105cffbe108b6cf290146ab02c9aa8517ba 74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce Loading...

	coreevolutionadulatory.com/f6/22/4b/f6224bb0b7a9499c696975c2e2ef89f4.js?_=1695359131526	ScriptElement	42 kB	2023-09-22	2023-09-22
Pretty URL coreevolutionadulatory.com/f6/22/4b/f6224bb0b7a9499c696975c2e2ef89f4.js?_=1695359131526 IP 192.243.59.20 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 07:05 Last Seen2023-09-22 07:05 Times Seen1 Hash 8168ca04da0e98b05b9d4da7e3b3394c f97f160052d8a6d0121ea428a4402bd3f2dad933 bd14ebea74abf7b458a9fc74753987821960efc264ff3a9f9408f15d7a96770a Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo	ScriptElement	44 kB	2024-08-21	2024-08-21
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-21 06:07 Last Seen2024-08-21 06:07 Times Seen1 Hash 1fd2c82872bb30e1fd1ba6d4b2ab690f 36853b212c797f0e11e05fa0f859637708bc9223 50ad99dd74aef26a5484732fad81cb41f318403b8cb8434d986a96d186be7019 Loading...

		Size	First Seen	Last Seen
	#1 Eval - f186e8c5bfeb969dac34e2f4cd1b87b7	22 B	2023-09-17 09:00	2024-08-21 06:36
Pretty Observations First Seen2023-09-17 09:00 Last Seen2024-08-21 06:36 Times Seen447 Hash f186e8c5bfeb969dac34e2f4cd1b87b7 812a1b7509627f72d7beaaa26cd0815d072370f3 525935d73747a96c30d54b0e714815f74b799ed82e216ffbc0f00d46f1c4b382 Loading...

	#2 Eval - d4d87d3b81e62b9aec9d1fdce25ca9c3	22 B	2023-09-17 09:00	2024-08-21 06:36
Pretty Observations First Seen2023-09-17 09:00 Last Seen2024-08-21 06:36 Times Seen448 Hash d4d87d3b81e62b9aec9d1fdce25ca9c3 1d7500755027cf5fe7c11c02341fca4e5bad3a4e ad90a3f9a198100d7bf9d0eea43039ba6048b7486a7bbffc1b481d7335182b78 Loading...

	#3 Eval - 88c2512705ac51c92ff7aa0eb2721973	16 kB	2023-09-17 09:00	2024-08-21 06:36
Pretty Observations First Seen2023-09-17 09:00 Last Seen2024-08-21 06:36 Times Seen448 Hash 88c2512705ac51c92ff7aa0eb2721973 97eaa5094660ce8b5c02156581443a0f909406b5 fb9accb18d0cbcc1a3f2df21b904021c5de46a9595aadcdf40d6c1f2e96e6410 Loading...

	#4 Eval - 719c6855f804cbc962bc9be72bcd926d	22 kB	2024-08-21 06:07	2024-08-21 06:07
Pretty Observations First Seen2024-08-21 06:07 Last Seen2024-08-21 06:07 Times Seen1 Hash 719c6855f804cbc962bc9be72bcd926d e94d1cd484ed917e83d3b0780006031efad634a5 63a3a3e091aab820ccf738c055001e28a8767bc1b6ac25989a39bf5247739f6c Loading...

	#5 Eval - 1ea4732ae1afc82ec25f15c58ac122e0	62 B	2023-09-17 09:00	2024-08-21 06:36
Pretty Observations First Seen2023-09-17 09:00 Last Seen2024-08-21 06:36 Times Seen448 Hash 1ea4732ae1afc82ec25f15c58ac122e0 e2739667ed872617c13417131a4a883e37464a16 e804e0b76b1c2dbb49e839f47f5cdf11aac9dc9ad0f047553988640fa958d54f Loading...

	#6 Eval - 87e371db4aad13c062dde01c4500638b	22 kB	2024-08-21 06:07	2024-08-21 06:07
Pretty Observations First Seen2024-08-21 06:07 Last Seen2024-08-21 06:07 Times Seen1 Hash 87e371db4aad13c062dde01c4500638b bf5ea4bf8e70cbea141945f11bb568f91ccbb9b3 5ebb675b3cc91c5606d6209f9db84a37cde304b5ed7ad0a51626952491bf79be Loading...

HTTP Transactions (57)

URL IP Response Size

ww12.keepvid.works/

193.218.118.205

200 OK

9.2 kB

URL User Request GET HTTP/1.1
ww12.keepvid.works/
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (564), with CRLF, LF line terminators
Size
9.2 kB (9198 bytes)
Hash
a21b92550cb8e8ea3e453560dc2a7479
7dbae871201ddb447d0d7bb59b1c6a6a12e4b2c0
5bb4e002e1d0284ceee7c5f5802fc45e33635c38741ef396fc1cd3009d17c656

HTTP Headers

GET / HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

ww12.keepvid.works/default.css?v000012

193.218.118.205

200 OK

6.9 kB

URL GET HTTP/1.1
ww12.keepvid.works/default.css?v000012
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
6.9 kB (6872 bytes)
Hash
048d885d5213ad5c9992d559a73ae2ad
a5ed732abeeb2eca805448273fc9a9150b2590ae
fbe0a51470b60a1afac1ce2c1ad37162316cc4f574b0bef5041cdea1006eca71

HTTP Headers

GET /default.css?v000012 HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:30 GMT
Content-Type: text/css
Content-Length: 6872
Last-Modified: Wed, 21 Sep 2022 21:10:39 GMT
Connection: keep-alive
ETag: "632b7dcf-1ad8"
Accept-Ranges: bytes

ww12.keepvid.works/socialsharekit/js/social-share-kit.min.js

193.218.118.205

200 OK

6.4 kB

URL GET HTTP/1.1
ww12.keepvid.works/socialsharekit/js/social-share-kit.min.js
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
ASCII text, with very long lines (6112)
Size
6.4 kB (6380 bytes)
Hash
3f1d24bfc2eca31517fef7536b0877d5
8ee6799aba7a49be8a639e5f2d3d483d8cdb9fe5
c5e0dfe7c67c57b81ccbe43199f96b6fb5c63a216b6bb4a8ca9de8d32d24a174

HTTP Headers

GET /socialsharekit/js/social-share-kit.min.js HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: application/javascript
Content-Length: 6380
Last-Modified: Fri, 21 May 2021 01:40:41 GMT
Connection: keep-alive
ETag: "60a70f99-18ec"
Accept-Ranges: bytes

ww12.keepvid.works/keepvid.js?v20011023

193.218.118.205

200 OK

6.3 kB

URL GET HTTP/1.1
ww12.keepvid.works/keepvid.js?v20011023
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
ASCII text, with CRLF line terminators
Size
6.3 kB (6317 bytes)
Hash
8e58d171edd1795148cac2ed5c8984f9
c2f80f0c28d1a0a9995e3897c5c333df6005f35f
561c4b9f7e305915ea0731f36d9dea28d823317c450e0fab3beb9ff2552e8c0f

HTTP Headers

GET /keepvid.js?v20011023 HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: application/javascript
Content-Length: 6317
Last-Modified: Mon, 14 Aug 2023 22:52:53 GMT
Connection: keep-alive
ETag: "64dab045-18ad"
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

216.58.207.195

471 B

URL
ocsp.pki.goog/gts1c3
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1b13be6661817b18d0800a27b36f25fb
fdbb4de5f5c21467b67b9f33afde9d33113fa870
caee548ecb274528f0580d432789bf24d40cd2dbf63da29f54ab2824d2d37d8b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 22 Sep 2023 05:05:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww12.keepvid.works/socialsharekit/css/social-share-kit.css

193.218.118.205

200 OK

13 kB

URL GET HTTP/1.1
ww12.keepvid.works/socialsharekit/css/social-share-kit.css
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
ASCII text, with very long lines (12395)
Size
13 kB (12656 bytes)
Hash
f77336d9604ac9760c94fa0c181c40d3
7024aa84addfb5d542fe76d56a939e3a141cf0fa
8999b18b7b370af9fef7fc290a2861914ad02219d63e51f958870e54e4e54167

HTTP Headers

GET /socialsharekit/css/social-share-kit.css HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: text/css
Content-Length: 12656
Last-Modified: Fri, 21 May 2021 01:40:37 GMT
Connection: keep-alive
ETag: "60a70f95-3170"
Accept-Ranges: bytes

ww12.keepvid.works/jquery-ui.min.js

193.218.118.205

200 OK

32 kB

URL GET HTTP/1.1
ww12.keepvid.works/jquery-ui.min.js
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
ASCII text, with very long lines (31929)
Size
32 kB (32162 bytes)
Hash
288ec85a6bf5b67aa5b514e38e36939a
973d2f903b05f14c574a8443b8fbf226ef494d2e
ebd9b012f2a01a5a059c5d435303366fb11c383fb3b07b045e5547c8978f6e4e

HTTP Headers

GET /jquery-ui.min.js HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: application/javascript
Content-Length: 32162
Last-Modified: Fri, 21 May 2021 01:40:19 GMT
Connection: keep-alive
ETag: "60a70f83-7da2"
Accept-Ranges: bytes

ww12.keepvid.works/jquery-ui.min.css

193.218.118.205

200 OK

17 kB

URL GET HTTP/1.1
ww12.keepvid.works/jquery-ui.min.css
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
ASCII text, with very long lines (15374)
Size
17 kB (16753 bytes)
Hash
35c627bf11e7b7fb371ab525fd75211c
c3c5989d658e933a48487eccd06694aede3a55b0
7824372caba242b82f290f8cff1966601ffc052c2f66cc1fb26d02cfd014a72f

HTTP Headers

GET /jquery-ui.min.css HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: text/css
Content-Length: 16753
Last-Modified: Fri, 21 May 2021 01:40:19 GMT
Connection: keep-alive
ETag: "60a70f83-4171"
Accept-Ranges: bytes

ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

142.250.74.42

200 OK

34 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT

File type
ASCII text, with very long lines (32077)
Size
34 kB (33951 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

HTTP Headers

GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 20 Sep 2023 17:26:32 GMT
expires: Thu, 19 Sep 2024 17:26:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 128339
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ww12.keepvid.works/images/keepvid-works-log-icon.png

193.218.118.205

200 OK

4.1 kB

URL GET HTTP/1.1
ww12.keepvid.works/images/keepvid-works-log-icon.png
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGB, non-interlaced\012- data
Size
4.1 kB (4140 bytes)
Hash
a02a3ad140113b95abd404a2f8367d34
9881b9b13240821eb309b80eade893f00265d287
dd3b1ba52ff77fd3e8462862d2d27af322e800cb003027e925139ab8373c8429

HTTP Headers

GET /images/keepvid-works-log-icon.png HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: image/png
Content-Length: 4140
Last-Modified: Fri, 21 May 2021 01:40:43 GMT
Connection: keep-alive
ETag: "60a70f9b-102c"
Accept-Ranges: bytes

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2

104.18.10.207

200 OK

18 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Size
18 kB (18028 bytes)
Hash
448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

HTTP Headers

GET /bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:31 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 11/15/2022 10:30:09
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1053
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: acdc7daf715bdca5e07b1abbf819c031
cdn-cache: HIT
cf-cache-status: HIT
age: 1716448
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80a8036a685e56bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.207.195

471 B

URL
ocsp.pki.goog/gts1c3
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
1b13be6661817b18d0800a27b36f25fb
fdbb4de5f5c21467b67b9f33afde9d33113fa870
caee548ecb274528f0580d432789bf24d40cd2dbf63da29f54ab2824d2d37d8b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 22 Sep 2023 05:05:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ww12.keepvid.works/socialsharekit/fonts/social-share-kit.woff

193.218.118.205

200 OK

7.2 kB

URL GET HTTP/1.1
ww12.keepvid.works/socialsharekit/fonts/social-share-kit.woff
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
Web Open Font Format, CFF, length 7160, version 1.0\012- data
Size
7.2 kB (7160 bytes)
Hash
8a2ad25bbd5fa27b1c0416768aed10a3
d650e29cea9d132b5e84be07c8b30e1a76851dbc
0458fa0033848d1a830c91ade83e2692154c2e9836eaf7974fd4803d656f6efc

HTTP Headers

GET /socialsharekit/fonts/social-share-kit.woff HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/socialsharekit/css/social-share-kit.css
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: application/font-woff
Content-Length: 7160
Last-Modified: Fri, 21 May 2021 01:40:38 GMT
Connection: keep-alive
ETag: "60a70f96-1bf8"
Accept-Ranges: bytes

cultergoy.com/gkIGMdszupsFyd/32220?_=1695359131524

23.109.248.179

200 OK

26 B

URL GET HTTP/1.1
cultergoy.com/gkIGMdszupsFyd/32220?_=1695359131524
IP
23.109.248.179:443
ASN
#7979 SERVERS-COM

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectcultergoy.com
FingerprintE7:D8:11:E8:6C:73:F5:2A:7B:8B:92:38:68:DB:BB:FE:52:20:15:DA
ValidityFri, 25 Aug 2023 23:34:17 GMT - Thu, 23 Nov 2023 23:34:16 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
4fc71bf68a1d477bd1523733e34d1e90
15119105cffbe108b6cf290146ab02c9aa8517ba
74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /gkIGMdszupsFyd/32220?_=1695359131524 HTTP/1.1
Host: cultergoy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://ww12.keepvid.works
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sat, 23-Sep-2023 05:05:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjCC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7B3R; expires=Sat, 23-Sep-2023 05:05:31 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

ww12.keepvid.works/favicon.ico

193.218.118.205

200 OK

1.2 kB

URL GET HTTP/1.1
ww12.keepvid.works/favicon.ico
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
935d2c6261d0c700d3ff899e8f8b72ad
59fc194d76c8ae3383d507a3e880740b840a0e7e
5666e4ed23ccc309458d3815bd48bd2dc1e390e5e600e521c0b140ca41211173

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 21 May 2021 01:40:18 GMT
Connection: keep-alive
ETag: "60a70f82-47e"
Accept-Ranges: bytes

tzegilo.com/stattag.js

104.21.6.68

200 OK

26 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
104.21.6.68:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint42:15:A6:1F:C2:2C:D5:FF:32:2C:B9:6C:84:A6:86:63:B0:45:C5:20
ValidityMon, 07 Aug 2023 17:09:01 GMT - Sun, 05 Nov 2023 17:09:00 GMT

File type
ASCII text, with very long lines (18369)
Size
26 kB (25533 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:31 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YBQ787E6OPWo5M8ksmlYiV4kOcDfVMJxbTBeiK4r2iAhMMuR7poEtOVlsZ%2F2sY9GAoQ4cUsKg%2Fc5mX%2F3wscrm3yFlmpIFjADlYlU%2FkJWxPeQfNSoGoxFoDL00knQ0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80a8036d6ad5b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.14.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.14.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
cbf5b0228e6fb4a0147cec87a9f3d621
c2cfb64303a7ae0e92a90a2e110fe2c995bd234c
29c4f86517e8e64bde152fcf9f689b7a76195ef1614a21548ab1c69ea83353c2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 21 Sep 2023 02:44:33 GMT
Expires: Thu, 28 Sep 2023 02:44:32 GMT
Etag: "c2cfb64303a7ae0e92a90a2e110fe2c995bd234c"
Cache-Control: max-age=509570,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80a8036e981d56b5-OSL

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://ww12.keepvid.works/
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1347
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Fri, 22 Sep 2023 05:07:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://ww12.keepvid.works
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

my.rtmark.net/gid.js

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintB4:02:64:AF:5C:AB:27:5B:1B:80:CF:C8:FF:EB:BF:43:29:C3:C5:C1
ValidityTue, 25 Jul 2023 06:29:27 GMT - Mon, 23 Oct 2023 06:29:26 GMT

File type
JSON data\012- , ASCII text
Size
65 B (65 bytes)
Hash
4e17c543e276207add540f8c7867753e
21694859d57d8ede10151dbaecd7be89dd420999
4fafee9c5afee452ce3924839658a7864c9d6d80cd897c93c66c239c191d8bc4

HTTP Headers

GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 22 Sep 2023 05:05:32 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://ww12.keepvid.works
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c16e1b77b7fa4eab8f682d6404e8ee67; expires=Sat, 21 Sep 2024 05:05:32 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

inpage-push.com/500/4378921?excludes=&oaid=c16e1b77b7fa4eab8f682d6404e8ee67&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fww12.keepvid.works%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=7&sw_version=v1.299.2

139.45.197.239

200 OK

0 B

URL GET HTTP/2
inpage-push.com/500/4378921?excludes=&oaid=c16e1b77b7fa4eab8f682d6404e8ee67&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fww12.keepvid.works%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=7&sw_version=v1.299.2
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectinpage-push.com
Fingerprint36:65:A0:0B:78:CB:7B:B5:21:F9:D2:BB:ED:53:E4:11:2D:29:AB:9F
ValiditySat, 16 Sep 2023 10:10:27 GMT - Fri, 15 Dec 2023 10:10:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /500/4378921?excludes=&oaid=c16e1b77b7fa4eab8f682d6404e8ee67&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fww12.keepvid.works%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=7&sw_version=v1.299.2 HTTP/1.1
Host: inpage-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://ww12.keepvid.works/
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 22 Sep 2023 05:05:32 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://ww12.keepvid.works
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg

104.22.32.172

200 OK

11 kB

URL GET HTTP/2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10857 bytes)
Hash
c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263

HTTP Headers

GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:32 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Fri, 22 Sep 2023 08:43:53 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 73299
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 80a80370d9fa0a41-ARN
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.207.195

472 B

URL
ocsp.pki.goog/gts1c3
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d4dc779b1a0ec916d264c47f98c9ca47
5e297cf07a10c5ca54cdd301c3da2c76396d5463
ddcf363bc12e79a3f17573efa0f709954cc3aadd8ad71e1d46bf341856890e4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 22 Sep 2023 05:05:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.com/recaptcha/api.js?render=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&_=1695359131525

142.250.74.132

200 OK

586 B

URL GET HTTP/2
www.google.com/recaptcha/api.js?render=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&_=1695359131525
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subjectwww.google.com
Fingerprint46:10:6A:3E:F0:E9:34:E0:79:83:32:6E:2E:D8:2A:57:15:BD:AC:4C
ValidityMon, 14 Aug 2023 08:23:03 GMT - Mon, 06 Nov 2023 08:23:02 GMT

File type
ASCII text, with very long lines (884), with no line terminators
Size
586 B (586 bytes)
Hash
7bc488c273454bf81e30eb39a947ba8e
3cc6eb0716298f960cd13a23e77a5872ea0d193f
3d7f74eadb69405494c3b22ad06f07a036b37a22650d9888eda2fb8dc62d081f

HTTP Headers

GET /recaptcha/api.js?render=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&_=1695359131525 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
expires: Fri, 22 Sep 2023 05:05:36 GMT
date: Fri, 22 Sep 2023 05:05:36 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 586
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.207.195

471 B

URL
ocsp.pki.goog/gts1c3
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
592a801b77f88de399f499779ecea360
458c4e9b9125d81b343ba4bf7c34e7d6bcd141ef
cfbe885789fa7031cf494c91dccc4a6524c01223f358392a70010c488a1e7ec6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 22 Sep 2023 05:05:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

216.58.207.195

472 B

URL
ocsp.pki.goog/gts1c3
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
317241e90eb60ec6f1cb0b3a85596fa4
d2d1ddf661a68a374f9a2a8374c6c150ee48841c
424c15875c5213ee197c04f3d276cadee681f8e6dd67aceb977a14ac7e086302

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 22 Sep 2023 05:05:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js

142.250.74.35

200 OK

186 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
ASCII text, with very long lines (552)
Size
186 kB (185696 bytes)
Hash
e2fe3524ee9bc3801e88f30301fde700
ecdb5bdcebbbaad69868ea78033be35ac9b20a58
a36746585bd5af117aff1cfeec39c2a810d6d9c601ca083d132786abf09d01b1

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 185696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 12:27:08 GMT
expires: Fri, 20 Sep 2024 12:27:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Sep 2023 18:47:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 59908
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

216.58.207.195

472 B

URL
ocsp.pki.goog/gts1c3
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
317241e90eb60ec6f1cb0b3a85596fa4
d2d1ddf661a68a374f9a2a8374c6c150ee48841c
424c15875c5213ee197c04f3d276cadee681f8e6dd67aceb977a14ac7e086302

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 22 Sep 2023 05:05:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.10.207

200 OK

20 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65371)
Size
20 kB (20289 bytes)
Hash
ec3bb52a00e176a7181d454dffaea219
6527d8bf3e1e9368bab8c7b60f56bc01fa3afd68
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:31 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"ec3bb52a00e176a7181d454dffaea219"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 07/06/2023 22:31:57
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1078
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 3495bdfbe739b7c44278084397b92845
cdn-cache: HIT
cf-cache-status: HIT
age: 1716449
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80a80368ff7456bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo

142.250.74.132

200 OK

29 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
ValidityMon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (44354)
Size
29 kB (28969 bytes)
Hash
3d54016fcd1675c631941bd6092e22b0
ac0c5d5d85174ac023bb49defca30be538f7143d
86287c8e76b3ead69544c9120d058fd85f61e531cbe8aa15e0b610429ffb0ce3

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 22 Sep 2023 05:05:36 GMT
content-security-policy: script-src 'nonce-XGBUmcWSgYwuqQ3fINtYjQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 28969
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s

142.250.74.132

200 OK

29 kB

URL GET HTTP/3
www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
ValidityMon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (44383)
Size
29 kB (28974 bytes)
Hash
8f9d56a3ce6a1009fd779fb9038f735e
85d9a2f0dadca7367bf1cd13f96c72cc445cb813
8bd7a1700526ef9aec9c82773bb120d4c994348a6ddc8dcbfd43a6fd8950300e

HTTP Headers

GET /recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 22 Sep 2023 05:05:36 GMT
content-security-policy: script-src 'nonce-59kKFXNIvL_HNYaR7kNxQw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 28974
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

coreevolutionadulatory.com/f6/22/4b/f6224bb0b7a9499c696975c2e2ef89f4.js?_=1695359131526

192.243.59.20

200 OK

17 kB

URL GET HTTP/1.1
coreevolutionadulatory.com/f6/22/4b/f6224bb0b7a9499c696975c2e2ef89f4.js?_=1695359131526
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectcoreevolutionadulatory.com
FingerprintEB:B4:72:72:90:4D:38:E2:69:8C:23:EC:8A:FB:73:2F:73:3F:52:9C
ValiditySat, 12 Aug 2023 01:15:07 GMT - Fri, 10 Nov 2023 01:15:06 GMT

File type
ASCII text, with very long lines (42312), with no line terminators
Size
17 kB (17162 bytes)
Hash
8168ca04da0e98b05b9d4da7e3b3394c
f97f160052d8a6d0121ea428a4402bd3f2dad933
bd14ebea74abf7b458a9fc74753987821960efc264ff3a9f9408f15d7a96770a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /f6/22/4b/f6224bb0b7a9499c696975c2e2ef89f4.js?_=1695359131526 HTTP/1.1
Host: coreevolutionadulatory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 22 Sep 2023 05:05:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_FEATURES-1585_3=1; expires=Sat, 23 Sep 2023 05:05:36 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9edcd41799a9c2deef2d221dd7592333
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/styles__ltr.css

142.250.74.35

200 OK

25 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/styles__ltr.css
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
ASCII text, with very long lines (56398), with no line terminators
Size
25 kB (24606 bytes)
Hash
eb4bc511f79f7a1573b45f5775b3a99b
d910fb51ad7316aa54f055079374574698e74b35
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/styles__ltr.css HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 24606
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 05:34:23 GMT
expires: Fri, 20 Sep 2024 05:34:23 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Sep 2023 18:47:28 GMT
content-type: text/css
vary: Accept-Encoding
age: 84674
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js

142.250.74.35

200 OK

186 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
ASCII text, with very long lines (552)
Size
186 kB (185696 bytes)
Hash
e2fe3524ee9bc3801e88f30301fde700
ecdb5bdcebbbaad69868ea78033be35ac9b20a58
a36746585bd5af117aff1cfeec39c2a810d6d9c601ca083d132786abf09d01b1

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 185696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 12:27:08 GMT
expires: Fri, 20 Sep 2024 12:27:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Sep 2023 18:47:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 59909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js

142.250.74.35

200 OK

186 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
ASCII text, with very long lines (552)
Size
186 kB (185696 bytes)
Hash
e2fe3524ee9bc3801e88f30301fde700
ecdb5bdcebbbaad69868ea78033be35ac9b20a58
a36746585bd5af117aff1cfeec39c2a810d6d9c601ca083d132786abf09d01b1

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 185696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 12:27:08 GMT
expires: Fri, 20 Sep 2024 12:27:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Sep 2023 18:47:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 59909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg

104.22.32.172

200 OK

11 kB

URL GET HTTP/2
offerimage.com/www/images/c203639f459b6e675afc744dd5393fc6.jpeg
IP
104.22.32.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
FingerprintDB:4D:42:F8:E2:4C:E3:E4:BB:22:D8:D1:F7:64:B5:9A:10:B6:25:E0
ValiditySun, 07 May 2023 00:00:00 GMT - Mon, 06 May 2024 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Size
11 kB (10857 bytes)
Hash
c203639f459b6e675afc744dd5393fc6
c83a0142c1a7f6a07c2dd360243197a27f560932
64b4e386658d3f5764261f576a4673eb506fcad5e38e69ef085723f8dab72263

HTTP Headers

GET /www/images/c203639f459b6e675afc744dd5393fc6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:37 GMT
content-type: image/jpeg
content-length: 10857
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6388849a-2a69"
expires: Fri, 22 Sep 2023 08:43:53 GMT
last-modified: Thu, 01 Dec 2022 10:40:26 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 73304
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 80a8038fd8a80a41-ARN
X-Firefox-Spdy: h2

ocsp.r2m03.amazontrust.com/

54.230.80.227

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
613dc8198510e7022453eafbf86efdd8
3b217fa4b4ae5cb4acbfa31ac25749afcd762c9b
f25c7b7db78817dda91918e0c08e4174d70a64d7f10c0f1e89343dcd07e95314

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 22 Sep 2023 05:05:37 GMT
Last-Modified: Fri, 22 Sep 2023 04:04:38 GMT
Server: ECAcc (ska/F775)
X-Cache: Miss from cloudfront
Via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GC-i2yyk0F-93IDQSx3Ilg5gyM72nx1WcNyAXqEJEmhf3BwRv_igRw==
Age: 3659

professionalswebcheck.com/stats

52.58.179.111

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
52.58.179.111:443
ASN
#16509 AMAZON-02

Requested by
https://ww12.keepvid.works/
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ad6d5e4d7b89a0f3287200175a325d8a
dd814e6ad3c7a621c7c5431f9750a0fa1f23ddbf
5aaff9284402f49d4f4b86caec1dc1c8c0d1d6cb52474e8cf56e9d209926b3ef

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://ww12.keepvid.works
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=932fc86b-5c42-4b34-a007-b7397c51faae:2:1; expires=Mon, 19 Sep 2033 05:05:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 04:50:55 GMT
expires: Fri, 20 Sep 2024 04:50:55 GMT
cache-control: public, max-age=31536000
age: 87282
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 15 Sep 2023 10:05:24 GMT
expires: Sat, 14 Sep 2024 10:05:24 GMT
cache-control: public, max-age=31536000
age: 586813
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 15:24:26 GMT
expires: Fri, 20 Sep 2024 15:24:26 GMT
cache-control: public, max-age=31536000
age: 49271
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 05:45:56 GMT
expires: Wed, 18 Sep 2024 05:45:56 GMT
cache-control: public, max-age=31536000
age: 256781
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8

142.250.74.132

200 OK

112 B

URL GET HTTP/3
www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
ValidityMon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT

File type
ASCII text, with no line terminators
Size
112 B (112 bytes)
Hash
b246a8ec821c5b63e5ae72a159c4afe0
ae4be8c73173207cb904a30229ec22c652c7da1f
e5cc584ab2125a34a5dfabff1e040a321d4b5171989bcd3dd0bb1275fc355c25

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
expires: Fri, 22 Sep 2023 05:05:37 GMT
date: Fri, 22 Sep 2023 05:05:37 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/api2/logo_48.png

142.250.74.35

200 OK

2.2 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/api2/logo_48.png
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Size
2.2 kB (2228 bytes)
Hash
ef9941290c50cd3866e2ba6b793f010d
4736508c795667dcea21f8d864233031223b7832
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

HTTP Headers

GET /recaptcha/api2/logo_48.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/styles__ltr.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 2228
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 15 Sep 2023 14:42:45 GMT
expires: Fri, 22 Sep 2023 14:42:45 GMT
cache-control: public, max-age=604800
age: 570172
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 15:24:26 GMT
expires: Fri, 20 Sep 2024 15:24:26 GMT
cache-control: public, max-age=31536000
age: 49271
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/3
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 05:45:56 GMT
expires: Wed, 18 Sep 2024 05:45:56 GMT
cache-control: public, max-age=31536000
age: 256781
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8

142.250.74.132

200 OK

112 B

URL GET HTTP/3
www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
IP
142.250.74.132:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&sa=submit&cb=n4du3w8fgj9s
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint5A:48:5B:27:A7:FB:0B:D6:63:83:8E:8E:80:DB:29:B7:2C:72:A8:8E
ValidityMon, 14 Aug 2023 08:16:28 GMT - Mon, 06 Nov 2023 08:16:27 GMT

File type
ASCII text, with no line terminators
Size
112 B (112 bytes)
Hash
b246a8ec821c5b63e5ae72a159c4afe0
ae4be8c73173207cb904a30229ec22c652c7da1f
e5cc584ab2125a34a5dfabff1e040a321d4b5171989bcd3dd0bb1275fc355c25

HTTP Headers

GET /recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfoWsQcAAAAACyoTdC9goAzkfFl4WC11-Xhx1dv&co=aHR0cHM6Ly93dzEyLmtlZXB2aWQud29ya3M6NDQz&hl=en&v=uEf7E1417z6GNSkRx7AyL8K8&size=invisible&cb=cc224ko0l2xo
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
expires: Fri, 22 Sep 2023 05:05:37 GMT
date: Fri, 22 Sep 2023 05:05:37 GMT
cache-control: private, max-age=300
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 112
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

banquetunarmedgrater.com/advertisers.js

104.21.68.155

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
104.21.68.155:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:37 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: 6a0a10bf52509d69bb270ddcc3fec6cc
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Fri, 22 Sep 2023 05:05:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZWSoRLPAh5VMqDvMJ3ZfZ4Tnn8uceyhJ5Y22tOAWWn8SnJDix4eLvFxnquDeJG6aSDT7noD1PFCfguUOkpZj74vEleOW32LQJ3eOSSnWnegDesGB64l8vXj%2FS4K7FG5a39PoRqnTcbj%2F4vU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80a8039099db0b41-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js

142.250.74.35

200 OK

186 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
ASCII text, with very long lines (552)
Size
186 kB (185696 bytes)
Hash
e2fe3524ee9bc3801e88f30301fde700
ecdb5bdcebbbaad69868ea78033be35ac9b20a58
a36746585bd5af117aff1cfeec39c2a810d6d9c601ca083d132786abf09d01b1

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 185696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 12:27:08 GMT
expires: Fri, 20 Sep 2024 12:27:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Sep 2023 18:47:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 59909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js

142.250.74.35

200 OK

186 kB

URL GET HTTP/3
www.gstatic.com/recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=uEf7E1417z6GNSkRx7AyL8K8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintAB:14:67:80:B6:91:41:34:54:E4:AE:2E:71:65:B4:8E:65:B2:D2:2D
ValidityMon, 14 Aug 2023 08:22:45 GMT - Mon, 06 Nov 2023 08:22:44 GMT

File type
ASCII text, with very long lines (552)
Size
186 kB (185696 bytes)
Hash
e2fe3524ee9bc3801e88f30301fde700
ecdb5bdcebbbaad69868ea78033be35ac9b20a58
a36746585bd5af117aff1cfeec39c2a810d6d9c601ca083d132786abf09d01b1

HTTP Headers

GET /recaptcha/releases/uEf7E1417z6GNSkRx7AyL8K8/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 185696
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 21 Sep 2023 12:27:08 GMT
expires: Fri, 20 Sep 2024 12:27:08 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Sep 2023 18:47:28 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 59909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

octavianimmaculate.com/pixel/purst?dl=0&th=0&sc=0&rs=6870&rd=6870&fd=591&bv=23.9.v.4&tmpl=70

192.243.59.12

200 OK

0 B

URL GET HTTP/1.1
octavianimmaculate.com/pixel/purst?dl=0&th=0&sc=0&rs=6870&rd=6870&fd=591&bv=23.9.v.4&tmpl=70
IP
192.243.59.12:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectoctavianimmaculate.com
Fingerprint6E:F0:4C:AE:FD:B5:D2:79:5A:DE:C1:2B:EF:11:A8:64:66:D7:26:E3
ValidityTue, 19 Sep 2023 06:52:25 GMT - Mon, 18 Dec 2023 06:52:24 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=6870&rd=6870&fd=591&bv=23.9.v.4&tmpl=70 HTTP/1.1
Host: octavianimmaculate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 22 Sep 2023 05:05:37 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

writhehawm.com/1clkn/65077?_=1695359131527

142.91.159.92

200 OK

26 B

URL GET HTTP/1.1
writhehawm.com/1clkn/65077?_=1695359131527
IP
142.91.159.92:443
ASN
#7979 SERVERS-COM

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectwrithehawm.com
FingerprintD7:8D:E4:64:58:DA:AF:D4:91:72:E3:73:BF:8D:F0:9A:22:61:EC:F4
ValidityMon, 04 Sep 2023 23:57:36 GMT - Sun, 03 Dec 2023 23:57:35 GMT

File type
ASCII text, with no line terminators
Size
26 B (26 bytes)
Hash
9082dc37e5e8046929da411544ad071a
41e0e3963ed94e59e8a2f115994c382712411537
b7848d86edc8dc3b5bc6a5c666069f9a31e000cee51575d3b6083951607e1550

HTTP Headers

GET /1clkn/65077?_=1695359131527 HTTP/1.1
Host: writhehawm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:38 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Sat, 23-Sep-2023 05:05:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjCC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7B3R; expires=Sat, 23-Sep-2023 05:05:38 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

inpage-push.com/400/4378921?_=1695359131523

139.45.197.239

200 OK

91 kB

URL GET HTTP/2
inpage-push.com/400/4378921?_=1695359131523
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectinpage-push.com
Fingerprint36:65:A0:0B:78:CB:7B:B5:21:F9:D2:BB:ED:53:E4:11:2D:29:AB:9F
ValiditySat, 16 Sep 2023 10:10:27 GMT - Fri, 15 Dec 2023 10:10:26 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
91 kB (91392 bytes)
Hash
c380c481e3eff2bcf2872c9fff8a3035
8f5e0a221b9f895db5614d869affa328a6207f24
684d69862a7885226ba1e9eb8ed460b94b346cc9a694c963e3ba70099cc6d260

HTTP Headers

GET /400/4378921?_=1695359131523 HTTP/1.1
Host: inpage-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 22 Sep 2023 05:05:31 GMT
content-type: application/javascript
x-trace-id: 93d2da07dc1a29dd8f912cd4fe023432
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=5caf25a6deea46e690716fe5693488da; expires=Sat, 21 Sep 2024 05:05:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

ww12.keepvid.works/images/keepvid-works-logo.jpg

193.218.118.205

200 OK

18 kB

URL GET HTTP/1.1
ww12.keepvid.works/images/keepvid-works-logo.jpg
IP
193.218.118.205:443
ASN
#207656 Epinatura LLC

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subject*.keepvid.works
Fingerprint99:0A:30:40:59:B1:D8:81:5F:51:10:10:F0:1B:58:7C:4B:02:E3:AD
ValidityThu, 10 Aug 2023 19:02:52 GMT - Wed, 08 Nov 2023 19:02:51 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 400x400, components 3\012- data
Size
18 kB (18174 bytes)
Hash
bfd17b1e1bc18fbe6d315e26a1fddd89
e16e2f3e4960682f9a5532c406fced608df3e636
e4e18c0c927ef0a4a72f46210c2ea101667fce2af21733ff1a47380ee87c27d3

HTTP Headers

GET /images/keepvid-works-logo.jpg HTTP/1.1
Host: ww12.keepvid.works
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: PHPSESSID=4dms2bss314crskdgds8u92pg6
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 22 Sep 2023 05:05:31 GMT
Content-Type: image/jpeg
Content-Length: 18174
Last-Modified: Fri, 21 May 2021 01:40:44 GMT
Connection: keep-alive
ETag: "60a70f9c-46fe"
Accept-Ranges: bytes

addresseepaper.com/sfp.js

0.0.0.0

0 B

URL GET
addresseepaper.com/sfp.js
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww12.keepvid.works/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

inpage-push.com/impression/7mFdm4-5caN4M__SHs-cN7A9Yaz-eFb1YqUEQZGYHS_-kFrQhsKv6S3XJcWvyi1Rog2srB7PihlBMrFz51joef16RSlgsiCIocaEmQ5HxHovQ_v5VXRY_uy3y4hGef_oUOzKj5B7lE6no8QOqba2vw-jpshEjOdDwf_9MuR-2ZLbBnFKys7rasyYMNtdXa6l_PEkzYZqtoLXKdlqVBnTwghrag6y_FM_fiTP4iLVvoSkA9JgM_JMKfwCF_PgD5oU4aYZUJyMKJSOO2VNacN3fLMe4tDN-DULax-RbmGC2RPqDNHw5d5KVuKX--u5xKdaxRoUfgujDxU_YeQVg_s3Xa7K98i19jjJCAwwqowBOsZLQHHNGnCIwAH_vxoGs8WNkvwvOzV_GGPiNDz5ajxUoQR41h8VI6f4brMUU4LTmkCmDXRob0GcJV0wc3_--ZdvB_QNSwH_ogNNbrApk3cdfRQ_btw_KPE5qM2a8bfjPW_6VPwPAPsIgJtzQ1gquerNXINzJqJyQXLr82peMNARF0hMlwt5L4H-w7oOFzA1blBdh77k0d_B93wnXuYw25WLGeRx5FcUg-tW1DovvHAsQjEEvf0=?_z=4378921&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fww12.keepvid.works%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=7&sw_version=v1.299.2

139.45.197.239

200 OK

43 B

URL GET HTTP/2
inpage-push.com/impression/7mFdm4-5caN4M__SHs-cN7A9Yaz-eFb1YqUEQZGYHS_-kFrQhsKv6S3XJcWvyi1Rog2srB7PihlBMrFz51joef16RSlgsiCIocaEmQ5HxHovQ_v5VXRY_uy3y4hGef_oUOzKj5B7lE6no8QOqba2vw-jpshEjOdDwf_9MuR-2ZLbBnFKys7rasyYMNtdXa6l_PEkzYZqtoLXKdlqVBnTwghrag6y_FM_fiTP4iLVvoSkA9JgM_JMKfwCF_PgD5oU4aYZUJyMKJSOO2VNacN3fLMe4tDN-DULax-RbmGC2RPqDNHw5d5KVuKX--u5xKdaxRoUfgujDxU_YeQVg_s3Xa7K98i19jjJCAwwqowBOsZLQHHNGnCIwAH_vxoGs8WNkvwvOzV_GGPiNDz5ajxUoQR41h8VI6f4brMUU4LTmkCmDXRob0GcJV0wc3_--ZdvB_QNSwH_ogNNbrApk3cdfRQ_btw_KPE5qM2a8bfjPW_6VPwPAPsIgJtzQ1gquerNXINzJqJyQXLr82peMNARF0hMlwt5L4H-w7oOFzA1blBdh77k0d_B93wnXuYw25WLGeRx5FcUg-tW1DovvHAsQjEEvf0=?_z=4378921&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fww12.keepvid.works%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=7&sw_version=v1.299.2
IP
139.45.197.239:443
ASN
#9002 RETN Limited

Requested by
https://ww12.keepvid.works/
Certificate
IssuerLet's Encrypt
Subjectinpage-push.com
Fingerprint36:65:A0:0B:78:CB:7B:B5:21:F9:D2:BB:ED:53:E4:11:2D:29:AB:9F
ValiditySat, 16 Sep 2023 10:10:27 GMT - Fri, 15 Dec 2023 10:10:26 GMT

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /impression/7mFdm4-5caN4M__SHs-cN7A9Yaz-eFb1YqUEQZGYHS_-kFrQhsKv6S3XJcWvyi1Rog2srB7PihlBMrFz51joef16RSlgsiCIocaEmQ5HxHovQ_v5VXRY_uy3y4hGef_oUOzKj5B7lE6no8QOqba2vw-jpshEjOdDwf_9MuR-2ZLbBnFKys7rasyYMNtdXa6l_PEkzYZqtoLXKdlqVBnTwghrag6y_FM_fiTP4iLVvoSkA9JgM_JMKfwCF_PgD5oU4aYZUJyMKJSOO2VNacN3fLMe4tDN-DULax-RbmGC2RPqDNHw5d5KVuKX--u5xKdaxRoUfgujDxU_YeQVg_s3Xa7K98i19jjJCAwwqowBOsZLQHHNGnCIwAH_vxoGs8WNkvwvOzV_GGPiNDz5ajxUoQR41h8VI6f4brMUU4LTmkCmDXRob0GcJV0wc3_--ZdvB_QNSwH_ogNNbrApk3cdfRQ_btw_KPE5qM2a8bfjPW_6VPwPAPsIgJtzQ1gquerNXINzJqJyQXLr82peMNARF0hMlwt5L4H-w7oOFzA1blBdh77k0d_B93wnXuYw25WLGeRx5FcUg-tW1DovvHAsQjEEvf0=?_z=4378921&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&pl=https%3A%2F%2Fww12.keepvid.works%2F&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&tzofs=0&js_build=7&sw_version=v1.299.2 HTTP/1.1
Host: inpage-push.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Cookie: OAID=c16e1b77b7fa4eab8f682d6404e8ee67
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Fri, 22 Sep 2023 05:05:36 GMT
content-type: image/gif
content-length: 43
x-trace-id: cf0cf77c3f373bb1699770a94f8d650e
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

104.18.10.207

200 OK

37 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww12.keepvid.works/
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5B:F7:8F:50:AD:E5:5B:5E:8C:4A:39:3D:0C:98:E8:8C:18:4B:3D:8A
ValidityFri, 30 Dec 2022 00:00:00 GMT - Sat, 30 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (32033)
Size
37 kB (37045 bytes)
Hash
5869c96cc8f19086aee625d670d741f9
430a443d74830fe9be26efca431f448c1b3740f9
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

HTTP Headers

GET /bootstrap/3.3.7/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww12.keepvid.works
DNT: 1
Connection: keep-alive
Referer: https://ww12.keepvid.works/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 22 Sep 2023 05:05:31 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5869c96cc8f19086aee625d670d741f9"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 11/15/2022 10:30:01
cdn-proxyver: 1.03
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1053
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 3e819bd83884aeff82f17fab43f2e86a
cdn-cache: HIT
cf-cache-status: HIT
age: 1716449
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 80a803691f8156bf-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.42

200 OK

11 kB

URL GET HTTP/3
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://ww12.keepvid.works/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint09:AB:BF:F5:D0:04:69:59:E1:EA:AC:DA:8B:68:CF:62:94:2E:50:38
ValidityMon, 14 Aug 2023 08:22:09 GMT - Mon, 06 Nov 2023 08:22:08 GMT

File type
ASCII text
Size
11 kB (10615 bytes)
Hash
dbdc7ee435c6a7f4277bfc7fedf28368
8194a5d7e0108bed7abb001d8bf2b8985a5aa2ca
91b113cbf5aedc9b93ceebe313863344b1ead775a618a7e9f31f9e98dbbdf227

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 22 Sep 2023 05:05:37 GMT
date: Fri, 22 Sep 2023 05:05:37 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by